By default, traffic is allowed to move unrestricted within a VLAN. When one host sends packets to another host, they are heard only by the destination host; this is the beauty of layer 2 switching. However, if one host sends a broadcast packet, all the remaining hosts on that VLAN hear that broadcast and reply to it as required. We can solve this with a VACL if the host is connected to a local switch, or by configuring more VLANs, but it would be nice to be able to segment traffic within a single VLAN without having to use multiple VLANs. The solution is Private VLAN.
Check out the tons of free material at www.thetechfirm.com, or consider having Tony train your team